Secured email provider ?

[Nin]

Hi all,

I'm pretty sure this subject has been discussed already, but I couldn't find a thread using the search function.

Concerned about preserving my anonymity and safety, I decided to use Mailfence to register for the forum.

However, as of today, my Mailfence account has been suspended by the provider. Since this account is only used for my registration here, I don't quite understand: it's supposed to be a secure email service, with no oversight from the provider, or have I misunderstood?

I switched to ProtonMail, but quite not sure about this choice.

Is there a thread on the forum that compares and advises on which email services to use?

Thanks!

 

[hedgestonegrey88]

Protonmail is far better.

 

[hlad-zv]

Protonmail is far better.

I use Protonmail too and it's very good.

 

[pes]

Suspended might mean you have not used it for a while for example.
Read their terms of service.
Tutanota is another "safe" mail provider.
Email is never safe.

 

[hlad-zv]

Suspended might mean you have not used it for a while for example.
Read their terms of service.
Tutanota is another "safe" mail provider.
Email is never safe.

I have come across Tutanota too it's used by some of my correspondents and it's secure.

 

[Nin]

Suspended might mean you have not used it for a while for example.
Read their terms of service.

Yes, I did, it is written that you can be suspended after 210 days of inactivity, which was not the case. That's why I'm a bit worried.

But, well, since @hlad-zv and @hedgestonegrey88 also say that ProtonMail is ok, I'll stay on it (and if needed I'll move to Tutanota). Thank you!

 

[pes]

I have come across Tutanota too it's used by some of my correspondents and it's secure.

Secure is a relative term there.
What exactly do you mean by it?

If you are sending email within the same service, then ok it might be encrypted.
But once you send that mail to anyone else using a different provider, their internal encryption will be stripped.

 

[Nin]

Secure is a relative term there.
What exactly do you mean by it?

If you are sending email within the same service, then ok it might be encrypted.
But once you send that mail to anyone else using a different provider, their internal encryption will be stripped.

What intrigues me most is: can they check what we receive/send? In other words: if we receive an email from the forum, do they have a way, automatic or otherwise, of knowing that activity contrary to their rules is taking place on a person's email service?

 

[pes]

​

Emails from Proton Mail users to non-Proton Mail users​

• End-to-end encrypted if the Password-protected Emails feature is selected.
• Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over. This is not possible if you use Password-protected Emails, which enable Proton Mail’s end-to-end encryption.

What intrigues me most is: can they check what we receive/send? In other words: if we receive an email from the forum, do they have a way, automatic or otherwise, of knowing that activity contrary to their rules is taking place on a person's email service?

The mail provider says they do not do that I think, but the mail from ZV is not proton mail, it is regular mail, so it is coming in unencrypted.
Once the protonmail server receives the message over TLS and decrypts the TLS, the message is plain text.

TLS or in other words HTTPS or similar is a technology that protects communication between servers.
But the sever needs to decrypt it to handle it, so it is not the same as end to end encryption where only the user has the keys.

 

[hlad-zv]

Secure is a relative term there.
What exactly do you mean by it?

If you are sending email within the same service, then ok it might be encrypted.
But once you send that mail to anyone else using a different provider, their internal encryption will be stripped.

Indeed, secure is a relative term as encryption works best end-to-end when it is like to like that you are communicating with I am fully aware of that. The implication is to use same provider or a token system as provided by the likes of Tutanota to other encrypted services like Protonmail.

 

[Nin]

Okay... these last posts answer my question, or at least provides some information.

As for me, aside from receiving emails from ZV, I haven't had any other activity, and I'm certain I haven't violated the other account maintenance requirements. This means that, somewhere and in some way, Mailfence detected activity on my account that violated their rules.

 

[Andrew778]

Proton mail.

 

[pes]

Email has never been a secure protocol.
The first versions of email used plain text which nowadays is at least encrypted with TLS but the messages on the end servers are plain text readable.
If you want to send encrypted mail, you have to encrypt it with PGP yourself.

 

[Goattobeloved]

In any case, they WILL see the sender address and originating domain

 

[pes]

Okay... these last posts answer my question, or at least provides some information.

As for me, aside from receiving emails from ZV, I haven't had any other activity, and I'm certain I haven't violated the other account maintenance requirements. This means that, somewhere and in some way, Mailfence detected activity on my account that violated their rules.

It is possible but without asking them, we can not know the reason.
I recommend turning off the mail capabilities on ZV since it is not secure.
This is a generic forum software and in any generic situation it is fine, not here though.

 

[hlad-zv]

What intrigues me most is: can they check what we receive/send? In other words: if we receive an email from the forum, do they have a way, automatic or otherwise, of knowing that activity contrary to their rules is taking place on a person's email service?

They have no way of knowing what the contents of your email are it's encrypted on sending and they have no way of accessing the encrypted contents.

 

[pes]

They have no way of knowing what the contents of your email are it's encrypted on sending and they have no way of accessing the encrypted contents.

It is not encrypted.

Emails from Proton Mail users to non-Proton Mail users​

• End-to-end encrypted if the Password-protected Emails feature is selected.
• Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over. This is not possible if you use Password-protected Emails, which enable Proton Mail’s end-to-end encryption.

Email is a plain text service. Once the receiving server gets the message, decrypts the TLS, the content is plain text.
They also see the headers and sender. Which they need to see to even handle the mail.
The content of the mail from ZV is not pgp encrypted because the user obviously is not decrypting it.

 

[ikanon]

Suspended might mean you have not used it for a while for example.
Read their terms of service.
Tutanota is another "safe" mail provider.
Email is never safe.

Couple of years ago my account got "locked" because Tutanota, which I had used at signup was no longer accepted. Switching to proton solved the problem. Are you sure that ZV accepts Tutanota nowadays?

 

[pes]

Are you sure that ZV accepts Tutanota nowadays?

I have no idea.

 

[Nin]

I recommend turning off the mail capabilities on ZV since it is not secure.

I will take this advice.

It is not encrypted.
Email is a plain text service. Once the receiving server gets the message, decrypts the TLS, the content is plain text.
They also see the headers and sender. Which they need to see to even handle the mail.
The content of the mail from ZV is not pgp encrypted because the user obviously is not decrypting it.

So if it's not encrypted and they could access to the data, they indeed could set up automatic rules in case of inappropriate content. Here Zooville could be marked as against their rules. Mailfence is Belgian, not sure of the legislation there.

 

[pes]

So if it's not encrypted and they could access to the data, they indeed could set up automatic rules in case of inappropriate content. Here Zooville could be marked as against their rules. Mailfence is Belgian, not sure of the legislation there.

It is possible. Though blocking an obscure zoo forum seems odd.

 

[ikanon]

I have no idea.

Is someone brave enough to try to sign up for a second account using Tutanota?

 

[ADreamOfLiberty]

I switched to ProtonMail, but quite not sure about this choice.

Here is the rule (for 99% safety):

If the mail service works on Tor Browser (with no phone or desktop apps), then you can use it anonymously and it doesn't matter what they think they're recording about you.

UNLESS you're putting PII in your messages, in which case I'm sure there is a lot of pros and cons for various options but in the end it will come down to trust. You will be trusting your identity to people, because you cannot confirm that they never read it. This is true for Zooville (or any forum) PMs too. Even if you trust the ownership at one time, it may change.

People in USA, people in Scandinavia, people in Switzerland; they're all people. People have beliefs and fears and randomly selected humans are unlikely to feel bad about outing a zoo.


There are only 2 ways to communicate PII with near certain security:
1.) Meet in person, or send snail-mail, exchange cryptographic keys, use one of many software suites to communicate online. (likely a chicken egg problem for you)
2.) Meet in decentralized and encrypted online spaces with secure peer to peer communication.

And as always: Just because you can communicate with a person securely, does not mean that person is secure.

 

[Nin]

Here is the rule (for 99% safety):

If the mail service works on Tor Browser (with no phone or desktop apps), then you can use it anonymously and it doesn't matter what they think they're recording about you.

UNLESS you're putting PII in your messages, in which case I'm sure there is a lot of pros and cons for various options but in the end it will come down to trust. You will be trusting your identity to people, because you cannot confirm that they never read it. This is true for Zooville (or any forum) PMs too. Even if you trust the ownership at one time, it may change.

People in USA, people in Scandinavia, people in Switzerland; they're all people. People have beliefs and fears and randomly selected humans are unlikely to feel bad about outing a zoo.


There are only 2 ways to communicate PII with near certain security:
1.) Meet in person, or send snail-mail, exchange cryptographic keys, use one of many software suites to communicate online. (likely a chicken egg problem for you)
2.) Meet in decentralized and encrypted online spaces with secure peer to peer communication.

And as always: Just because you can communicate with a person securely, does not mean that person is secure.

Thanks for the explanation, that makes sense.
I’m taking this on board as useful background info.

 

[UR20Z]

Essentially, Email is an open book unless the contents are encrypted before being handed to the "delivery system". In short, you can encrypt the content you send before sending it. But you CANNOT (without using remailers, which are getting rarer every day, and ain't for the faint of heart to begin with) conceal where that content is going, or where it came from. You want "private" email, learn to use PGP/GPG, and never send anything "in the clear". Doesn't matter what encryption the email service uses internally - if it hits a server, it's there for anybody and his dog to read if they choose to do so. Encrypted email (that you encrypt before sending it an an email) is (so far as anybody can say for sure) untouchable. Anything else ... is a coin-toss as to whether somebody can/will read it as it goes by.

 

[steppin]

I attempted to use Underworld Mail and it was blocked by the site

The staff should double check their provider black/whitelist

 

[majolica]

I attempted to use Underworld Mail and it was blocked by the site

The staff should double check their provider black/whitelist

In 2022 I used yopmail with a random account name, (as the most bland and disposable of email), to sign up for this site. My account never has, and never will have, any accurate personally identifying information beyond a very wide ranging location. I have all email notifications turned off. Sadly the site now blocks most known temporary email providers. Requiring proton, tuta, or something of a similar level of security to sign up for this site was an unnecessary and backwards step. Email is only for legal and socially acceptable communication. If people must use email for any questionable activity they should encrypt the contents of their message in a password protected encrypted container such as .rar, .7z, etc and send it as an attachment. Consider putting the message in a veracrypt vault or .b1 container, and then put that in a .rar. There are other, less susceptible to compromise, forms of media rather than email to communicate through.

 

[steppin]

In 2022 I used yopmail with a random account name, (as the most bland and disposable of email), to sign up for this site. My account never has, and never will have, any accurate personally identifying information beyond a very wide ranging location. I have all email notifications turned off. Sadly the site now blocks most known temporary email providers. Requiring proton, tuta, or something of a similar level of security to sign up for this site was an unnecessary and backwards step. Email is only for legal and socially acceptable communication. If people must use email for any questionable activity they should encrypt the contents of their message in a password protected encrypted container such as .rar, .7z, etc and send it as an attachment. Consider putting the message in a veracrypt vault or .b1 container, and then put that in a .rar. There are other, less susceptible to compromise, forms of media rather than email to communicate through.

Yeah, I believe the email requirement is part of the Xenforo software, and to make spam more difficult, which is why I think requiring a truly anonymous address, rather than having a whitelist of a few surface web providers that all block anon logins and are high profile targets, is a smarter move. Simply having a throwaway email address is not enough. The only allowed provider I could register for was Proton, and even they required me to deanonymize myself because I caught their spam filter.

 

[majolica]

Yeah, I believe the email requirement is part of the Xenforo software, and to make spam more difficult, which is why I think requiring a truly anonymous address, rather than having a whitelist of a few surface web providers that all block anon logins and are high profile targets, is a smarter move. Simply having a throwaway email address is not enough. The only allowed provider I could register for was Proton, and even they required me to deanonymize myself because I caught their spam filter.

If the sign-up process helps to identify you then you could be in serious trouble if/when the admin account or server is compromised by hackers or law enforcement. If the sign-up process doesn't help to identify you then there's no point in blocking temporary emails. Spam accounts are a pain but that's not a good enough excuse to risk members' security. The more genuine personal information the site holds the more attractive it becomes to hackers and law enforcement. Hopefully admin reconsiders the sign-up process now that the software has been updated.